Great, I'll give that a try. I'm going to take my m0n0 test box to the datacentre next week so I'll
give it a try on some test subnets. :)
| -----Original Message-----
| From: news [mailto:news at sea dot gmane dot org] On Behalf Of Ugo Bellavance
| Sent: 03 June 2005 14:04
| To: m0n0wall at lists dot m0n0 dot ch
| Subject: [m0n0wall] Re: Public webservers behind monowall
| Daniel Foster wrote:
| > Hi,
| > I'm trying to set up m0n0wall to protect webservers in a
| > colo facility. We have a /24 subnet routed to us over a /30
| > link. My plan was to assign an IP on the /30 to the EXT
| > interface, and then put the /24 on the OPT1 interface (and
| > not use the LAN interface apart from initial config and
| > perhaps SNMP) and have m0n0wall do the routing. We have it
| > set up like this currently with Watchguard Fireboxes, but
| > we're having various problems with them so I'd like to
| > switch to m0n0 if possible.
| > Is the above possible without doing 1:1 NAT and having to
| > give the webservers private IPs?
| > This setup is slightly different to the example in the
| > documentation -
| > we don't want m0n0 doing proxy ARP sat on the same subnet as the
| > webservers - it needs to have the whole of the /24 on the OPT1
| > interface
| > I've tried to do this in a test environment in our office
| > but it doesn't seem to be working properly - it could be
| > because I'm simulating it with private IPs.
| I think you only have to disable NAT, by activating advanced
| NAT and not putting any NAT rules. Then put firewall rules
| to allow traffic you want.
| > Any help would be most appreciated.
| > Kind Regards,
| > Dan Foster